HIPAA Audits – How To Prepare

With the new wave of HIPAA Phase 1 and Phase 2 audits (which began in November 2016 and will still be running strong in 2019), most dental offices don’t know where to start to streamline their efforts. Turning the other cheek to this big, bold requirement won’t make it go away, and burying your head in the sand will only make the requirements seem uglier when you surface. The sinister HIPAA Auditor may ominously creep into your office, like a grim reaper, ready to rip your HIPAA protocols to shreds.

Protecting your practice is an essential step in setting up your HIPAA compliance protocols. Did you know there are 89 risks you face in private practice every day? Eighty-nine! This is based on research released by noted Dental Financial Prosperity Coach P. Christopher Music. Christopher elaborates, “Think about it—did you ever hire the wrong person? What did it cost you? The national average cost is $30,000! Let alone the time, effort and headache that it cost to correct that error. Building a system around everything you do within your dental office saves you time, money and mistakes. HIPAA & OSHA compliance protocol systems are no exception. Especially these days with the deep fines and lengthy inspections that come with governmental intervention.” (Listen to an enlightening podcast on how to set up HIPAA systems within your office.)

We all know, “Knowledge is power.” Discovering and implementing streamlined HIPAA systems is like adding steroids to that power. Results-based HIPAA compliance is what you want. Applying a tried-and-true system to almost anything we do in dentistry saves us time, money and the pain of the misstep.

Results-based HIPAA compliance comes from implementing a three-pronged approach to compliance. Every dental practice owner must be sure to include:

Employee Training: Remember, every employee must be trained to the HIPAA Omnibus Rule standards of 2013. This includes full-time and part-time employees, as well as clinical and non-clinical employees. Rest assured that “Proof of Training” will be requested by the HIPAA Auditor, typically within the first five minutes of his visit. All employees must have this HIPAA Omnibus Rule training prior to handling any patient Protected Health Information (PHI).

Required Paperwork: Currently, this includes eight (8) HIPAA forms that should be in use and functioning within your dental office. These HIPAA forms include patient, employee, office and business vendor forms that inform and protect your patients’ rights to privacy and to access their Protected Health Information (PHI). A HIPAA Manual written to the HIPAA Omnibus Rule standard is also required as a federal document in every U.S. healthcare facility.

Facility Protocols: …will be the next stop on “the HIPAA Hitman’s” tour of your dental office. It is not enough to just implement HIPAA Employee Training and the Required Paperwork. You must connect the dots between your training and paperwork by implementing all of the required HIPAA Facility Protocols. This is challenging because technology is constantly changing and growing. The best way to get your dental office fully HIPAA compliant is to use a checklist. HIPAA Facility Protocols cover everything from your patient check-in procedures to how you text patient information after hours. To keep current with these changing protocols, align with a trusted HIPAA resource, one that offers expertise and keeps you informed.


Get informed. Power Up! HIPAA AUDITS: BRING IT!!! Townies got this!

Call us for a copy of our 2017 HIPAA FACILITY COMPLIANCE CHECKLIST: 941-587-2864


The risk of Non-Compliance with these new HIPAA Rules

Building a system will help protect you.



Below are the sixteen (16) HIPAA Facility Protocols that all HIPAA Auditors will check.

Make sure your facility is HIPAA compliant in these areas. If you need additional guidance, feel free to give us a call.

The HIPAA made EASY Team


□  Patient Check-In / Check-Out Procedures Ensure Privacy: ensure that there is no overhearing or visual intrusion on patient information at the front desk.

□  Office Server is Secure: If on-site, place it in a secure, well-ventilated room or lock it down with a “server cage” or “server locker”.

□  Office Wi-Fi is Partitioned or Separate: patients and guests cannot access the business Wi-Fi that carries PHI.

□  Copy Machine is Secure: placed in a secured location, monitored by management, with a shredder in use and HIPAA-compliant copy policies in place.

□  Outgoing Emails are HIPAA Compliant: either email encryption software (an encryption bridge) is in use, or a written Email Use Program with a testing protocol (tested on every email) is in place.

□  A HIPAA-Compliant Text App is in use on all cell phones that share patient PHI, so that patient information is sent securely over text. (Alternatively, if you do not want to load a phone app, do not text patient PHI.)

□  Fax Machine is operating to current HIPAA standards. Convert facsimile to fax-to-email so that facsimiles are encrypted when sent. Otherwise, traditional faxing requires that you write a detailed Fax Safeguard Plan and implement it to the current HIPAA standards.

□  Do away with take-along data backup drives and go fully cloud-based. Lost or stolen take-along drives prove to be a major risk to healthcare facility owners. Theft of a device risks a $150K HIPAA fine plus an 18-month audit! Automatic, encrypted cloud backup is best practice. Research and choose a reputable cloud hosting service.

□  Get a HIPAA Manual written to HIPAA Omnibus Rule standards: make sure your manual is up to date and customized per office location, with the HIPAA Officer and Compliance Committee listed. The HITECH Act and the physical, technical and administrative aspects of HIPAA protocols are all clearly defined for your office in the HIPAA Manual. Areas for updates to written policies, with notable periodic reviews, are evident.

□  Have detailed, up-to-date HIPAA Reports: the Risk Assessment Report and the Data Backup & Contingency Report are up to date, detailed and customized per office location.

□  All Employees are trained to the HIPAA Omnibus Rule standard. All employees must be trained to current HIPAA standards prior to handling patient PHI. Update employees on HIPAA rules to keep up with evolving HIPAA laws and technology changes that concern PHI.

□  All Employees have signed all HIPAA-required employee forms: up to date, signed and readily available for the HIPAA Auditor. All employees must complete HIPAA Omnibus Rule training by watching the HIPAA Omnibus Rule video.


□  Appropriate Business Vendors have signed Business Associate Agreements with your office. Have all applicable business vendors sign (and then retain on file) a HIPAA Omnibus Rule Business Associate Agreement (BAA). This is a vendor confidentiality agreement that is required for all vendors who “see or use” your patient PHI.

□  Update and use the other required in-office HIPAA forms written to Omnibus Rule standards. These include, but may not be limited to: Patient Acknowledgement Agreement, Notice of Privacy Practices, Third Party Release Form, etc.

□  Align your office with a reliable HIPAA resource. Seek out a reliable HIPAA trainer or join a HIPAA web group that will provide support, updates and tutorials on these ever-evolving HIPAA laws.

□  Have HIPAA practice drills with your team: HIPAA requirements will always be evolving and changing in relation to advances in technology. Practice with your team how you should handle various scenarios involving patient PHI, internet use, etc. Establish and update your HIPAA office protocols periodically, or at least annually.

Call us if you have questions on this checklist. Many healthcare professionals feel overwhelmed when they have to tackle an update to their current HIPAA program. If you have questions about your current HIPAA protocol setup, or if you would like information on our HIPAA COMPLETE PKG or ALL-IN-ONE OSHA & HIPAA TRAINING PKG, please feel free to contact us at any time for a confidential, complimentary consultation. We love this stuff, and we are here to support your success with HIPAA protocols.

The HIPAA made EASY Team